From e501d0e71e22019e00712492b2a6a9789e193332 Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Mon, 10 Jul 2023 08:31:19 +0200
Subject: [PATCH] Add change log and non-regression test

Add change log and non-regression test
for CCM* with no tag not supported in
CCM only configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 ChangeLog.d/misc-from-psa-crypto.txt   |  3 +++
 configs/crypto-config-ccm-aes-sha256.h | 37 ++++++++++++++++++++++++++
 tests/scripts/all.sh                   | 12 +++++++++
 3 files changed, 52 insertions(+)
 create mode 100644 ChangeLog.d/misc-from-psa-crypto.txt
 create mode 100644 configs/crypto-config-ccm-aes-sha256.h

diff --git a/ChangeLog.d/misc-from-psa-crypto.txt b/ChangeLog.d/misc-from-psa-crypto.txt
new file mode 100644
index 0000000000..40a043a4fd
--- /dev/null
+++ b/ChangeLog.d/misc-from-psa-crypto.txt
@@ -0,0 +1,3 @@
+Bugfix
+   * Fix CCM* with no tag being not supported in a build with CCM as the only
+     symmetric encryption algorithm and the PSA configuration enabled.
diff --git a/configs/crypto-config-ccm-aes-sha256.h b/configs/crypto-config-ccm-aes-sha256.h
new file mode 100644
index 0000000000..fb66ae2c06
--- /dev/null
+++ b/configs/crypto-config-ccm-aes-sha256.h
@@ -0,0 +1,37 @@
+/**
+ * \file configs/ccm-aes-sha256.h
+ *
+ * \brief PSA crypto configuration with only symmetric cryptography: CCM-AES,
+ *        SHA-256, HMAC and key derivation
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_CONFIG_H
+#define PSA_CRYPTO_CONFIG_H
+
+#define PSA_WANT_ALG_CCM 1
+#define PSA_WANT_ALG_HMAC 1
+#define PSA_WANT_ALG_SHA_256 1
+#define PSA_WANT_ALG_TLS12_PRF 1
+#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
+#define PSA_WANT_KEY_TYPE_DERIVE 1
+#define PSA_WANT_KEY_TYPE_HMAC 1
+#define PSA_WANT_KEY_TYPE_AES 1
+#define PSA_WANT_KEY_TYPE_RAW_DATA 1
+
+#endif /* PSA_CRYPTO_CONFIG_H */
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 6b0d528751..800e22045b 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -3169,6 +3169,18 @@ component_test_psa_crypto_config_chachapoly_disabled() {
     make test
 }
 
+component_test_ccm_aes_sha256() {
+    msg "build: CCM + AES + SHA256 configuration"
+
+    cp tests/include/test/drivers/config_test_driver.h  include/mbedtls/mbedtls_config.h
+    cp configs/crypto-config-ccm-aes-sha256.h           include/psa/crypto_config.h
+
+    make CC=gcc
+
+    msg "test: CCM + AES + SHA256 configuration"
+    make test
+}
+
 # This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test.
 component_build_psa_accel_alg_ecdh() {
     # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH